
RE: dmarc damage, was gmail users read on... [bozo subtopic]

2014-09-12 10:36:06


-----Original Message-----
From: ietf [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Christian Huitema
Sent: Friday, September 12, 2014 1:34 AM
To: Doug Barton; ietf(_at_)ietf(_dot_)org
Subject: RE: dmarc damage, was gmail users read on... [bozo subtopic]

I've collected all of the DMARC workarounds I know on the ASRG wiki:

http://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail

Two responses to that, in no particular order of importance:

1. So you said, and yet the mere existence of that page out on the
intertubez has (oddly enough) not yet spurred the secretariat into action.

The big change with DMARC is a deprecation of the Sender/From
differentiation, effectively requiring that these two will be the same. It
seems that big systems have voted that the differentiation causes more
harm (spam, phish) than good (remailers).


This is actually not quite true. If the Sender and the From are in the same 
domain then there is no problem. It becomes an issue when the Sender and the 
From are different domains. DMARC does not care about the LHS of the email 
address (whether it is DKIM signing or SPF validation).

Of the responses listed, the one that clearly works is to ask forwarders to
forward messages, what the wiki calls "message wrapping." It works in the
sense that the mail system sees consistent headers that pass all verifications,
and represent the actual action of the remailer while not relying on
Sender/From differences.

At that point, the issue is mostly with the UI. If my reader did recognize the
"simple forwarding" case from "authorized remailers," then the message
wrapping solution would be just fine. The good thing is that it is very much
under my control.

-- Christian Huitema


Mike
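
The alignment rule discussed in this message, as an added example that is not part of the original post: DMARC compares only the domain of the From header with the SPF-authenticated envelope domain and the DKIM d= domain, so a list that keeps the author's From fails while a wrapped message sent under the list's own address passes. The function names, the example.com and example.org addresses, and the two-label organizational-domain shortcut are assumptions; a real evaluator uses the Public Suffix List.

```python
from email.utils import parseaddr

def domain_of(addr):
    """Domain part of an address, lower-cased; the local part is discarded."""
    return parseaddr(addr)[1].rpartition("@")[2].lower().rstrip(".")

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real evaluator
    # consults the Public Suffix List (needed for names such as x.co.uk).
    return ".".join(domain.split(".")[-2:])

def aligned(from_dom, auth_dom, strict):
    if not from_dom or not auth_dom:
        return False
    if strict:
        return from_dom == auth_dom
    return org_domain(from_dom) == org_domain(auth_dom)

def dmarc_pass(header_from, spf_result, mail_from, dkim_sigs, aspf="r", adkim="r"):
    """dkim_sigs: (result, d= domain) pairs. aspf/adkim: "r" relaxed, "s" strict."""
    fd = domain_of(header_from)
    spf_ok = spf_result == "pass" and aligned(fd, domain_of(mail_from), aspf == "s")
    dkim_ok = any(res == "pass" and aligned(fd, domain_of(d), adkim == "s")
                  for res, d in dkim_sigs)
    return spf_ok or dkim_ok

# Constructed sample messages (example.com is the author's domain,
# lists.example.org a mailing list that appends a footer and re-signs).
CASES = {
    "direct": ("Alice <alice@example.com>", "pass", "bounce@mail.example.com",
               [("pass", "example.com")]),
    "other_local_part": ("bob@example.com", "pass", "alice@example.com", []),
    "list_keeps_from": ("alice@example.com", "pass", "list-bounces@lists.example.org",
                        [("fail", "example.com"), ("pass", "lists.example.org")]),
    "list_wraps": ("list@lists.example.org", "pass", "list-bounces@lists.example.org",
                   [("pass", "lists.example.org")]),
}

def evaluate_cases():
    return {name: dmarc_pass(*args) for name, args in CASES.items()}

if __name__ == "__main__":
    for name, ok in evaluate_cases().items():
        print(f"{name:18} DMARC {'pass' if ok else 'fail'}")
```
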
